Another WordPress hacking campaign is ongoing targeting AMP for WordPress plugin
- The plugin is installed on more than 100,000 WordPress sites and can allow attackers to gain administrative access to a site.
- The exploitation process is very similar to the one reported in the WP GDPR Compliance plugin.
Security researchers have identified a second security flaw in the Accelerated Mobile Pages (AMP) for WP WordPress plugin. The plugin is installed on more than 100,000 WordPress sites and can allow attackers to gain administrative access to a site.
The vulnerability came to light last week after WebARX, a web security firm, published a proof-of-concept (PoC) of the exploitation process. However, the actual vulnerability was identified by a WordPress plugin developer, Sybre Waaijer, who reported the issue to the WordPress plugin team in mid-October.
According to the WordPress security firm Wordfence, the vulnerability is a cross-site scripting (XSS) flaw, and the exploitation process is very similar to the one reported in the WP GDPR Compliance plugin.
The malicious code delivered through the XSS flaw allows attackers to create a new administrator account named ‘supportuser’. In addition to the creation of a rogue admin account, the script allows attackers to inject backdoors into an affected site’s plugins.
Fixing the issue
Defiant’s security team suggested that users should implement a content security policy (CSP) as a possible mitigation for such attacks. Researchers also advised users to update their site’s software to the latest version. A fix for the issue is available in the updated version of AMP for WP, version 0.9.97.20.
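As an added example (not code from the article, from Wordfence/Defiant, WebARX or the plugin's authors), the following Python script shows the three post-incident checks a site administrator would want after reading the above: flag administrator accounts that are not on a known-good list (the campaign created one named ‘supportuser’), flag plugin files that were added or modified relative to a baseline hash manifest (the campaign injected backdoors into plugin files), and compare the installed AMP for WP version against the fixed release 0.9.97.20. The user records, file contents and version strings are constructed sample data; the record shape is assumed to mirror `wp user list --format=json` and is not taken from any real site.

```python
"""Defender-side checks after the AMP for WP campaign (added example).

All inputs below are constructed sample data so the script runs offline.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

FIXED_VERSION = "0.9.97.20"  # patched AMP for WP release named in the article


def find_unexpected_admins(users: Iterable[dict], allowlist: Iterable[str]) -> List[str]:
    """Return logins holding the 'administrator' role that are not expected.

    Each record is assumed to carry 'user_login' and a comma-separated
    'roles' string (the shape `wp user list --format=json` produces).
    """
    allowed = {name.lower() for name in allowlist}
    suspicious = []
    for u in users:
        roles = {r.strip() for r in u.get("roles", "").split(",")}
        if "administrator" in roles and u["user_login"].lower() not in allowed:
            suspicious.append(u["user_login"])
    return sorted(suspicious)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_tampered_plugin_files(baseline: Dict[str, str],
                               current_files: Dict[str, bytes]) -> Dict[str, str]:
    """Compare plugin files against a baseline manifest of path -> sha256.

    Returns path -> 'added' | 'modified' | 'missing' for every deviation.
    A real run would fill `current_files` by walking wp-content/plugins/;
    here the caller passes in-memory bytes.
    """
    findings: Dict[str, str] = {}
    for path, content in current_files.items():
        if path not in baseline:
            findings[path] = "added"
        elif baseline[path] != sha256_hex(content):
            findings[path] = "modified"
    for path in baseline:
        if path not in current_files:
            findings[path] = "missing"
    return findings


def parse_version(v: str) -> Tuple[int, ...]:
    """'0.9.97.20' -> (0, 9, 97, 20); tuples compare component-wise."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable_version(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed plugin version is older than the fixed one."""
    return parse_version(installed) < parse_version(fixed)


# --- constructed sample data -------------------------------------------------
SAMPLE_USERS = [
    {"user_login": "siteowner", "roles": "administrator"},
    {"user_login": "editor1", "roles": "editor"},
    {"user_login": "supportuser", "roles": "administrator"},  # name used by the campaign
]
KNOWN_ADMINS = ["siteowner"]

# Baseline built from the plugin files as they were when last known good.
CLEAN_PLUGIN: Dict[str, bytes] = {
    "amp/amp.php": b"<?php /* constructed clean plugin entry point */",
    "amp/includes/helper.php": b"<?php function amp_helper() {} /* constructed */",
}
BASELINE: Dict[str, str] = {p: sha256_hex(c) for p, c in CLEAN_PLUGIN.items()}

# Current state: one file changed, one file that was never in the baseline.
CURRENT_PLUGIN: Dict[str, bytes] = {
    "amp/amp.php": CLEAN_PLUGIN["amp/amp.php"],
    "amp/includes/helper.php": CLEAN_PLUGIN["amp/includes/helper.php"] + b" /* extra bytes (constructed) */",
    "amp/includes/cache.php": b"<?php /* file absent from baseline (constructed) */",
}


if __name__ == "__main__":
    print("unexpected admins:", find_unexpected_admins(SAMPLE_USERS, KNOWN_ADMINS))
    print("plugin deviations:", find_tampered_plugin_files(BASELINE, CURRENT_PLUGIN))
    for v in ("0.9.97.19", "0.9.97.20"):
        print(f"AMP for WP {v} vulnerable: {is_vulnerable_version(v)}")
```

The baseline manifest is the important design choice: hashing the plugin directory while the site is known to be clean (for example right after a fresh install from the plugin repository) gives a reference that catches both modified files and files dropped into the plugin tree, which a version number alone cannot reveal.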